From owner-freebsd-current@FreeBSD.ORG Wed Jan 6 20:19:15 2010
From: Doug Barton
Organization: http://SupersetSolutions.com/
Date: Wed, 06 Jan 2010 12:19:21 -0800
To: Harald Schmalzbauer
Cc: freebsd-current@freebsd.org
Subject: Re: named, VARMFS=yes and FILESDIR
Message-ID: <4B44F049.4060805@FreeBSD.org>
References: <4B12CCA8.7050808@omnilan.de> <4B1341E7.1050805@FreeBSD.org> <4B445257.3080606@omnilan.de>
In-Reply-To: <4B445257.3080606@omnilan.de>

Harald Schmalzbauer wrote:
> Doug Barton wrote on 30.11.2009 04:54 (localtime):
> There are kind of "to be expected" incompatible options, of course, but
> this one hit me some years before. Especially for newbies, it's not
> clear why these options shouldn't work together.

Because what you're proposing is very far away from the typical way that
name servers are configured.
My goal is to provide a secure, safe default configuration that conforms
to current best practices. What you want to do is an edge case, and not
even something I see as reasonable to add an option in the base for, given
that the code is already much more complicated than it should be.

>>> My idea is to create a namedb directory in /usr/share (like there's one
>>> for sendmail) with duplicate entries of src/etc/namedb
>>
>> Why not just set named_chrootdir to /usr/share/namedb ? It's not 100%
>> clear to me what you're trying to accomplish. Can you please go into a
>> little more detail about your goals, rather than potential solutions?
>
> I think rc.d/var should be able to populate a named-compliant /var.
> Therefore it needs at least named.conf and named.root.
> My idea was to save them in /usr/share, where many other (sendmail e.g.)
> template duplicates also reside. When chrooting to /usr/share/namedb, it
> also fails if I don't have the original installed /var, like if /var is
> a freshly populated memory file system.

If you are dead set on this course of action, that's fine. What I suggest
that you do is to create an rc.d script that does what you want, and
include REQUIRE: var and BEFORE: named. Put this script in
/usr/local/etc/rc.d and you'll be good to go. Offhand you will probably
need to use the same mtree invocation that rc.d/named uses to create the
file structure, but after that copying your files should be easy. You can
start here for information on how to create your own rc.d scripts:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/rc-scripts.html

>>> P.S.: named_conf definitions in rc.conf get lost.
>>
>> Yes, that's something that needs improvement. I have it on the list
>> but since it's not common for people to alter the path to the conf
>> file, and since in the past in order to do so you've had to add -c to
>> named_flags anyway, I don't regard it as urgent.

FYI, this is done.
Doug

--

Improve the effectiveness of your Internet presence with
a domain name makeover!    http://SupersetSolutions.com/

Computers are useless. They can only give you answers.
-- Pablo Picasso
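The rc.d script Doug describes above (REQUIRE: var, BEFORE: named, rebuild the chroot skeleton, then copy the template files), written out as an added example; it is not code from this thread or from the FreeBSD base system. The script name namedb_populate, the template directory /usr/share/namedb and the chroot /var/named are assumptions; the mtree invocation with /etc/mtree/BIND.chroot.dist mirrors what rc.d/named used at the time, and a mkdir fallback (also an assumption) lets the copy logic run on a system without that mtree spec. Files are copied only when absent, so a persistent /var with a locally edited named.conf is never overwritten on the next boot.

```shell
#!/bin/sh
#
# PROVIDE: namedb_populate
# REQUIRE: var
# BEFORE: named
#
# Hypothetical rc.d script (not part of FreeBSD): after rc.d/var has
# created /var (possibly as a fresh memory file system), rebuild the
# named chroot skeleton and copy template named.conf / named.root into
# it so that rc.d/named finds a usable configuration.
# Install as /usr/local/etc/rc.d/namedb_populate and enable with
# namedb_populate_enable="YES" in /etc/rc.conf.

# Assumed defaults; override in rc.conf.
namedb_populate_template="${namedb_populate_template:-/usr/share/namedb}"
namedb_populate_chrootdir="${namedb_populate_chrootdir:-/var/named}"

# Create the chroot directory tree. On FreeBSD this reuses the mtree
# spec that rc.d/named applies; elsewhere (or without the spec) fall
# back to creating the directories named needs (assumed layout).
make_skeleton() {
    dir="$1"
    if command -v mtree >/dev/null 2>&1 && [ -f /etc/mtree/BIND.chroot.dist ]; then
        mtree -deU -f /etc/mtree/BIND.chroot.dist -p "$dir" >/dev/null
    else
        mkdir -p "$dir/etc/namedb/master" "$dir/etc/namedb/slave" \
                 "$dir/etc/namedb/dynamic" "$dir/etc/namedb/working"
    fi
}

# Copy template files into $chroot/etc/namedb, but only when the
# destination does not already exist, so local edits on a persistent
# /var survive. Returns 1 if the template directory is missing.
populate_namedb() {
    template="$1"
    chroot="$2"
    [ -d "$template" ] || return 1
    make_skeleton "$chroot"
    for f in named.conf named.root; do
        if [ -f "$template/$f" ] && [ ! -f "$chroot/etc/namedb/$f" ]; then
            cp -p "$template/$f" "$chroot/etc/namedb/$f"
        fi
    done
    return 0
}

# rc framework wiring; only active when run by rc(8) on FreeBSD.
if [ -r /etc/rc.subr ] && [ $# -gt 0 ]; then
    . /etc/rc.subr
    name="namedb_populate"
    rcvar="${name}_enable"
    start_cmd="namedb_populate_start"
    stop_cmd=":"
    namedb_populate_start() {
        populate_namedb "$namedb_populate_template" "$namedb_populate_chrootdir"
    }
    load_rc_config "$name"
    : "${namedb_populate_enable:=NO}"
    run_rc_command "$1"
fi
```

Because the script orders itself after var and before named, it runs on every boot in exactly the window Harald needs: after the memory-backed /var exists and before named tries to chroot into it.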